HIPAA

HIPAA POLICIES AND PROCEDURES

A CE (covered entity) must adopt reasonable and appropriate policies and procedures to comply with the provisions of the Security Rule of HIPAA. At Mardac, we will help you write and acknowledge your policies and procedures as required. Policies and procedures that employees will understand the importance of in keeping their company solvent and compliant.

• Risk Assessments: Covered entities are also required to conduct HIPAA risk assessments as part of their security management processes. At Mardac, we can help you evaluate the likelihood and impact of potential risks to ePHI, implement appropriate security measures to address the risks identified in the risk analysis and document the chosen security measures, and where required, the rationale for adopting those measures.
  
  The risk analysis should be an ongoing process, in which a covered entity regularly reviews its records to track access to ePHI and detect security incidents, periodically evaluate the effectiveness of security measures put in place, and regularly reevaluate potential risks to ePHI.
  
  
• 42 CFR Part 2: We take pride in working with CEs that partake in 42 CFR part 2: SUDS diagnoses and the privacy requirements that are required for CEs that work with patients with SUDS diagnoses. 42 CFR part 2 is a regulation that implements statutory provisions enacted in the 1970s at a time when individuals seeking treatment for substance abuse disorders faced significant consequences, even legal problems, because they sought help. We will help you distinguish between HIPAA and 42 CFR part 2 and what the requirements are for each.
  
  
• Medical Record Requirements: Your Notice of Privacy Practices has to describe how your patients can get their medical records. Be sure to make sure it has been updated since no later than 2013 and is posted on your website and in your front lobby. Your staff must be trained on your NPP. We can help write and train your staff on the issues that concern the NPP